Create a Data Center Segmentation Strategy
Segment your data center network to protect sensitive
systems and to prevent lateral movement of malware.
A flat, unsegmented network is difficult to defend because if an attacker gains access to the
network, the attacker can move laterally throughout the network and compromise critical
systems. This is especially true inside the data center, where enterprises store their
most valuable assets. Old segmentation methods such as VLANs and ACLs don’t scale well,
are difficult to automate, and don’t take into account users, content, or applications,
so they provide little control over traffic and little visibility into traffic.
Create a segmentation strategy that results in more granular access control to data center
resources, which gives you better visibility into traffic. The more granular your
segmentation strategy, the more visibility into traffic you gain because traffic must
traverse a firewall (segmentation gateway) as it flows between segments. Segmentation
also makes compliance and compliance audits easier because you can control access to
sensitive, personal, and mission-critical data at a very granular level and allow only
necessary access to that data. This protects the data and reduces the scope of
audits.
Your data center segmentation strategy depends on your architecture and your business goals, so
there is no “one size fits all” implementation. However, learning common guidelines
enables you to design and implement a segmentation strategy to protect your data center
network and its valuable information.